It turns out that the Model Context Protocol (MCP), a protocol used to connect generative AI models to other tools, has a vulnerability that could lead to the leakage of sensitive information, such as ...
A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.